John Duffy works at the intersection of product development and security — building things and making sure they hold up. His work protects 200M+ citizen identities across 80 countries. If you have a passport, or have made an Interac purchase, been to a hospital, or bought a lottery ticket, you've probably used something he helped build. His position on security is simple: it's not about saying no — it has to enable change, not block it.
He started in smartcard security at CRYPTOCard, building authentication systems used by 40,000 people at Mount Sinai and throughout the British National Health Service. That work won Best-of-Show at Comdex and MacWorld. From there he moved into digital identity and built a security engineering group from scratch — three teams across Ottawa, the US, and Europe — that delivered the first issued high-security ePassport (New Zealand), the first digitally signed Drivers License (New York), and the first general-public Mobile Drivers License (Virginia).
He speaks at ATLSecCon, BlackHat, BSides, OWASP, and RSAC, and has trained hundreds of developers and security professionals on secure design, coding, and infrastructure.
Computer Science and Mathematics, Carleton. OCIPEP Critical Infrastructure Research Fellowship. CISSP.